CVEbuzz logo
This website displays data collected from external sources, and is not responsible for any aspect of it. Read more...

Security / vulnerability advisories for Axis Communications AXIS 2490 Serial Server 2.11.3

Titles listed in dictionary

CPE for product: cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*

Showing 1-3 of 3
Maximal damage 10
Very easy to exploit
(other affected products) Published: Fri Dec 31 05:00:00 2004 UTC. Last Modified: Fri Sep 5 20:44:00 2008 UTC
CPE matches: cpe:2.3:h:axis:2490_serial_server:*:*:*:*:*:*:*:* ; cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*

Description

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.

Damage

Attack conditions

Damage and attack conditions obtained from AV:N/AC:L/Au:N/C:C/I:C/A:C (CVSSv2)

References

Low damage 5
Very easy to exploit
(other affected products) Published: Fri Dec 31 05:00:00 2004 UTC. Last Modified: Tue Jul 11 01:31:00 2017 UTC
CPE matches: cpe:2.3:h:axis:2490_serial_server:*:*:*:*:*:*:*:* ; cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*

Description

Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.

Damage

Attack conditions

Damage and attack conditions obtained from AV:N/AC:L/Au:N/C:N/I:P/A:N (CVSSv2)

References

Medium damage 7.5
Very easy to exploit
(other affected products) Published: Fri Dec 31 05:00:00 2004 UTC. Last Modified: Tue Jul 11 01:31:00 2017 UTC
CPE matches: cpe:2.3:h:axis:2490_serial_server:*:*:*:*:*:*:*:* ; cpe:2.3:h:axis:2490_serial_server:2.11.3:*:*:*:*:*:*:*

Description

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.

Damage

Attack conditions

Damage and attack conditions obtained from AV:N/AC:L/Au:N/C:P/I:P/A:P (CVSSv2)

References